Privacy Policy

Last Updated: August 2025

Our Commitment to Your Privacy

At Your Circle, we are dedicated to respecting and protecting your privacy. We understand that when accessing National Disability Insurance Scheme (NDIS) services, you trust us with sensitive personal information. We are committed to handling your information securely, responsibly, and in compliance with all applicable Australian privacy laws and NDIS regulations, including those specific to the Australian Capital Territory (ACT).

Purpose and Scope

This Privacy Policy explains how Your Circle collects, uses, stores, and protects your personal and sensitive information when you engage with our NDIS support services. It applies to all clients, their families, guardians, advocates, staff, contractors, and website users.

Your Circle adheres to the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), the National Disability Insurance Scheme Act 2013, the NDIS Practice Standards, the NDIS Code of Conduct, and ACT-specific privacy requirements.

Information We Collect

We collect personal and sensitive information that is reasonably necessary to provide safe, effective, and compliant NDIS services. We will only collect information relevant to your support needs and the services we provide. This information includes, but is not limited to:

• Full name, date of birth, gender identity
• Contact details (address, phone numbers, email)
• NDIS participant number and plan details
• Medical history, health information, and disability support needs (sensitive information)
• Emergency contact details and guardian information
• Cultural, religious, and linguistic preferences (sensitive information)
• Banking details for payment and reimbursement purposes
• Service delivery records, progress notes, assessments, reports
• Information provided by you, your representatives, or third parties such as NDIS, health providers, or government agencies
• Website usage data (see cookies and tracking below)

How We Collect Your Information and Transparency

We aim to collect information directly from you wherever possible. There are various ways we collect your information:

• Directly from You or Your Representative: When you or your authorised representative discusses your care needs with our Coordinators, Care Managers or management staff. This may also occur when you complete forms or engage in our service assessments.
• Via Our Website: When you use our website, such as completing a 'contact us' form, we will request necessary personal information (e.g., name, email, contact number). The type of information collected will depend on the services you use on our website.
• From Third Parties: With your consent, we may obtain information from outside sources like the NDIS, My Aged Care, other NDIS providers, or relevant government agencies, where necessary for providing your care.
• Via website analytics — we use Google Analytics to collect anonymous data about site usage. This may include IP addresses, browser type, and pages visited. In the future, we may use this data for remarketing. You can opt out via Google's Ads Settings or browser tools.

Cookies & Tracking

Our website uses cookies and similar technologies to improve user experience and analyse traffic. Cookies may store your preferences, enable certain site features, and collect statistical data. You can manage or disable cookies in your browser settings, though some site functions may not work as intended.

We may also use tracking tools such as Google Analytics, which may store data on servers outside Australia. Where data is stored overseas, we ensure providers are required to protect your information in accordance with Australian privacy laws.

Children's Privacy

We only collect personal information about children under 18 with the consent of a parent or legal guardian. We apply additional safeguards to protect children's data.

Use and Disclosure of Your Information

We will not use your personal information for any purpose that is not directly related to the NDIS products or services we provide, or for any purpose for which you would not reasonably expect us to use the information.

We will not sell or disclose your information to any individual or entity outside Your Circle for marketing purposes.

Any sensitive information we collect will only be used by us to help provide you with the care you need. We will not disclose or release this sensitive information without your informed consent, unless we are required or authorised by law to do so, or in an emergency situation where it is necessary to prevent or lessen a serious threat to somebody's life, health, safety or to public health or safety. In such emergency instances, we will make all reasonable attempts to contact your emergency contact person to gain consent for releasing your information to other health providers.

We may disclose personal information to trusted third parties when:

• You have provided informed consent: This consent can be withdrawn at any time, which may affect our ability to provide certain services.
• Necessary to coordinate your care: With other registered NDIS providers, healthcare professionals, or government agencies involved in your support.
• Required or permitted by law: This includes situations where there is a duty to the public to disclose, or for law enforcement purposes.
• To protect the safety of clients, staff, or the public: In an emergency or where there is a serious threat.

Your Circle only uses your information to:

• Provide and coordinate NDIS-funded supports and services tailored to your needs
• Comply with legal and regulatory requirements
• Manage payments and billing related to your care
• Communicate with you about your care and our services
• Evaluate and improve our service delivery
• Trusted third-party service providers that support our operations, such as those providing website hosting, CRM systems, email delivery, and secure cloud storage — some may store data outside Australia under strict privacy protections

Such third parties are obligated to comply with relevant privacy laws and protect your information accordingly.

Data Security

Your Circle takes reasonable steps to ensure that the personal information we collect, use, and disclose is accurate, complete, and up-to-date. We regularly review our data for accuracy and encourage you to notify us of any changes to your personal details.

How We Store and Protect Your Information (Data Security)

Your Circle is committed to protecting your personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. We employ a combination of robust technical solutions, security controls, and internal processes:

• Electronic data — Stored on secure servers with strong password protection, encryption, and strict access controls. While we aim to store all client data in Australia, some of our trusted third-party providers may store or process data overseas. In such cases, we ensure these providers comply with strict privacy and security standards consistent with Australian privacy laws and the NDIS Code of Conduct.
• Hard Copy Data: Any hard copy information is stored securely in locked cabinets with restricted access.
• Website Data Transmission: Customer data captured on our website is passed through a secure server using encryption technology (SSL/TLS) to protect your information during internet transmission.
• Authorised Personnel: Only authorised Your Circle personnel are permitted to access your information. All staff, contractors, and associated personnel receive ongoing training regarding their privacy obligations and the handling of personal and sensitive information.
• Monitoring and Auditing: We regularly monitor and audit our storage and data systems to ensure compliance with federal laws and privacy obligations.

Retention and Disposal of Information

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. (e.g., NDIS record-keeping requirements). Contact and referral form submissions are retained for 12 months unless needed longer for service-related purposes.

When personal information is no longer needed or legally required to be retained, we ensure its secure disposal through methods such as shredding hard copies or permanently deleting electronic records in a way that protects your privacy.

Notifiable Data Breaches

In the unlikely event of a data breach that is likely to result in serious harm to you, Your Circle will comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth). We will promptly notify you and the Office of the Australian Information Commissioner (OAIC) if such a breach occurs.

Access and Correction of Your Information

You have the right to request access to your personal information that Your Circle holds about you and to request corrections if you believe the information is inaccurate, out-of-date, incomplete, irrelevant, or misleading.

To change or gain access to any details you have provided us, please contact us directly at support@yourcircle.com.au.

We will respond to your request within a reasonable timeframe and in accordance with privacy laws. We may need to verify your identity to ensure the security of your information.

Your Rights and Choices

• Consent: We will seek your consent to collect, use, or disclose your sensitive information wherever possible.
• Withdrawal of Consent: You may withdraw your consent at any time. Please be aware that withdrawing consent may affect our ability to provide certain services. We will discuss any implications with you.
• Direct marketing opt-out — you can unsubscribe from marketing emails or newsletters at any time.
• Website Cookies: You can manage or disable cookies through your browser settings; however, this may limit website functionality.

How to Make a Privacy Complaint

If you believe we have breached your privacy in any way, or if you have any concerns or questions about our privacy practices, please contact our privacy policy officer immediately.

You can lodge a complaint via:

Email: support@yourcircle.com.au

We are committed to resolving your complaint promptly and fairly. We will contact you within 48 hours or the next business day (if your complaint is made on a weekend). If we are unable to resolve the complaint in the first instance, we will provide written acknowledgement of your complaint and the issues raised. We will conduct a thorough investigation and provide you with an outcome within 30 days.

While we hope to resolve your complaint directly. If unresolved, you may also be able to lodge a complaint with an external body:

• NDIS Quality and Safeguards Commission: Phone: 1800 035 544 (free call from landlines) or visit their website.
• ACT Information Privacy Commissioner: Phone: (02) 6207 1480 or email ipc@act.gov.au

Policy Updates

Your Circle may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The most current version will always be available on our website at yourcircle.com.au/privacy. We encourage you to review this policy periodically.

Contact Us

For any questions about this policy or your privacy, please contact:

Thank you for trusting Your Circle with your care.